Information Age: News, analysis & insight for IT & business leaders

2 September 2010

Vista security feature was designed "to annoy users", admits Microsoft

14 April 2008  

User Account Control was an attempt to encourage independent software vendors to build more secure applications, Microsoft employee tells RSA conference

An uncharacteristically frank Microsoft employee has admitted that a security feature of the software giant's Vista operating system was deliberately designed to get on users' nerves.

David Cross told the RSA Conference in San Francisco last week, "The reason we put User Account Control into the Vista platform was to annoy users – I'm serious."

User Account Control (UAC) is the part of the Vista platform that governs the security privileges of applications. It requires system administrators to regularly confirm permission for applications to change local data, something many users find frustrating.

But it was all part of a plan to improve independently developed software, claims Cross. By deliberately impairing the user experience, Microsoft hoped to encourage independent software vendors (ISVs) to make their applications more secure and more mindful of user privileges.

"UAC is changing the ISV ecosystem," he said. "Applications are getting more secure [as a result]. We needed to change the ecosystem, and we needed a heavy hammer to do it."

According to Cross, 88% of Vista users have the feature enabled, contrary to the popular belief that disabling UAC is one of the first steps many take when setting up a Vista system.

Anti-virus firm Kaspersky Labs expressed doubts over the effectiveness of UAC when Vista was initially released, fearing that applications performing harmless actions could appear to be malicious in a security context and spook users unnecessarily.

But at the recent RSA conference Kaspersky seemed to have warmed to the feature: "Anything trying to shrink that attack surface and promote secure apps development has to be a good thing," Jeff Aliber, senior director of product marketing, noted.
